Cisco has patched a high-severity vulnerability in its software for routers and switches. The vulnerability enables cross-site request forgery, an attack that forces an end user, once they click on a malicious link, to execute unwanted actions on a web application in which they re currently authenticated. The flaw (CVE-2019-1904) ranks 8.8 out of 10 on the CVSS scale. It is due to insufficient CSRF protections for the web UI on impacted devices, said Cisco.
Source: https://threatpost.com/high-severity-cisco-flaw-in-ios-xe-enables-device-takeover/145645/